SAIC
Description
SAIC is seeking a
Risk Management Framework (RMF) Analyst
for our customer site in North Charleston,
SC
or New Orleans,
LA.
The Risk Management Framework (RMF) Analyst plays a critical role in obtaining and maintaining authorization of core infrastructure systems managed by Data Center and Cloud Hosting Services (DC2HS). This position requires hands-on experience with Enterprise Mission Assurance Support Services (eMASS) to capture information and artifacts necessary for authorization in accordance with the Department of the Navy (DoN) RMF Process Guide, Navy Security Control Assessor Risk Assessment Guide, CYBERSAFE requirements, and other applicable agency policies.
The RMF Analyst will collaborate with system owners, developers, and security personnel to identify, assess, and mitigate risks throughout the system lifecycle. A strong working knowledge of the Navy's RMF process and tools such as eMASSter and RAFT is essential.
Essential Duties and Responsibilities:
1. RMF Implementation and Maintenance
Develop and maintain RMF documentation, including System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms)
Determine applicable security controls in alignment with NIST 800-53 and other guidance
Test and monitor security controls to ensure effectiveness
Review and assess technical test results (e.g., ACAS scans, SCAP scans, Evaluate STIG results, STIG checklists) and work with engineers/cybersecurity teams to resolve findings
Conduct periodic security reviews and audits to maintain compliance
Update Department of Defense Information Technology Portfolio Repository - Department of the Navy (DITPR-DON) records, if applicable
2. Collaboration and Communication
Work closely with system owners, developers, and stakeholders to integrate security across the system development lifecycle (SDLC)
Provide RMF guidance and best practices to system owners
Clearly communicate security risks, findings, and recommendations to leadership and stakeholders
3. Continuous Improvement
Stay current with evolving threats, vulnerabilities, and compliance requirements
Recommend improvements to RMF documentation, processes, and reporting
Qualifications
Education:
Bachelor's degree in a technical or managerial discipline OR High School Diploma/GED with equivalent experience
Must meet the latest DoD 8570.1M / DoD 8140 cybersecurity workforce training and certification requirements
Experience:
5+ years of relevant experience with a Bachelor's degree OR 7+ years with a HS Diploma/GED in Cybersecurity, Engineering, Test & Evaluation (T&E), or Assessment & Authorization (A&A)/Certification & Accreditation (C&A)
Demonstrated working knowledge of the Risk Management Framework (RMF)
Experience with eMASS, ACAS, and related Information Assurance tools
Familiarity with ATO requirements, security policies, and compliance documentation
Ability to evaluate security solutions, supervise/maintain operational security posture, and ensure compliance with change management/configuration control
Certifications (Required):
At least one (1) of the following:
CompTIA Security+ CompTIA Advanced Security Practitioner (CASP)
Certified Information Systems Security Professional (CISSP)
At least one (1) of the following:
IEEE CS Software Development Associate Engineer Certification
Microsoft role-based certifications (e.g., MCAD, MCDBA)
Red Hat Certification Program (RHCP)
Cisco Certified Network Associate (CCNA)
Oracle Certified Associate (relevant technology)
VMware Certified Technical Associate - Data Center Virtualization
Citrix Certified Administrator
Cloud certifications (e.g., AWS Architect, Developer, SysOps Associate)
Plus: Must be certified at Information Assurance Technical (IAT) Level II or higher
Clearance:
Must be a US Citizen with an active secret security clearance
Desired Skills:
Strong analytical and problem-solving skills
Excellent written and verbal communication
Ability to work independently and within cross-functional teams
Detail-oriented with a strong focus on compliance and security
REQNUMBER: 2511281
SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability
SAIC is seeking a
Risk Management Framework (RMF) Analyst
for our customer site in North Charleston,
SC
or New Orleans,
LA.
The Risk Management Framework (RMF) Analyst plays a critical role in obtaining and maintaining authorization of core infrastructure systems managed by Data Center and Cloud Hosting Services (DC2HS). This position requires hands-on experience with Enterprise Mission Assurance Support Services (eMASS) to capture information and artifacts necessary for authorization in accordance with the Department of the Navy (DoN) RMF Process Guide, Navy Security Control Assessor Risk Assessment Guide, CYBERSAFE requirements, and other applicable agency policies.
The RMF Analyst will collaborate with system owners, developers, and security personnel to identify, assess, and mitigate risks throughout the system lifecycle. A strong working knowledge of the Navy's RMF process and tools such as eMASSter and RAFT is essential.
Essential Duties and Responsibilities:
1. RMF Implementation and Maintenance
Develop and maintain RMF documentation, including System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms)
Determine applicable security controls in alignment with NIST 800-53 and other guidance
Test and monitor security controls to ensure effectiveness
Review and assess technical test results (e.g., ACAS scans, SCAP scans, Evaluate STIG results, STIG checklists) and work with engineers/cybersecurity teams to resolve findings
Conduct periodic security reviews and audits to maintain compliance
Update Department of Defense Information Technology Portfolio Repository - Department of the Navy (DITPR-DON) records, if applicable
2. Collaboration and Communication
Work closely with system owners, developers, and stakeholders to integrate security across the system development lifecycle (SDLC)
Provide RMF guidance and best practices to system owners
Clearly communicate security risks, findings, and recommendations to leadership and stakeholders
3. Continuous Improvement
Stay current with evolving threats, vulnerabilities, and compliance requirements
Recommend improvements to RMF documentation, processes, and reporting
Qualifications
Education:
Bachelor's degree in a technical or managerial discipline OR High School Diploma/GED with equivalent experience
Must meet the latest DoD 8570.1M / DoD 8140 cybersecurity workforce training and certification requirements
Experience:
5+ years of relevant experience with a Bachelor's degree OR 7+ years with a HS Diploma/GED in Cybersecurity, Engineering, Test & Evaluation (T&E), or Assessment & Authorization (A&A)/Certification & Accreditation (C&A)
Demonstrated working knowledge of the Risk Management Framework (RMF)
Experience with eMASS, ACAS, and related Information Assurance tools
Familiarity with ATO requirements, security policies, and compliance documentation
Ability to evaluate security solutions, supervise/maintain operational security posture, and ensure compliance with change management/configuration control
Certifications (Required):
At least one (1) of the following:
CompTIA Security+ CompTIA Advanced Security Practitioner (CASP)
Certified Information Systems Security Professional (CISSP)
At least one (1) of the following:
IEEE CS Software Development Associate Engineer Certification
Microsoft role-based certifications (e.g., MCAD, MCDBA)
Red Hat Certification Program (RHCP)
Cisco Certified Network Associate (CCNA)
Oracle Certified Associate (relevant technology)
VMware Certified Technical Associate - Data Center Virtualization
Citrix Certified Administrator
Cloud certifications (e.g., AWS Architect, Developer, SysOps Associate)
Plus: Must be certified at Information Assurance Technical (IAT) Level II or higher
Clearance:
Must be a US Citizen with an active secret security clearance
Desired Skills:
Strong analytical and problem-solving skills
Excellent written and verbal communication
Ability to work independently and within cross-functional teams
Detail-oriented with a strong focus on compliance and security
REQNUMBER: 2511281
SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability